71ffed981533caea2e8212a04d88df65_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

71ffed981533caea2e8212a04d88df65_JaffaCakes118
Size

288KB
MD5

71ffed981533caea2e8212a04d88df65
SHA1

09886d555f500512cd696031386097b89104cb0e
SHA256

59fa7cf88609d7a37575dc776b7d71676c7d9655897ab24eefccc7d59b21482f
SHA512

ef9d7fc1243caf7ab3570ee19abd8c270ce1970d434a09c9ade03cd69ce545e9377a7e4c9adeb2d617caea426c774b1e2d52aec8391ebfbe71eddcbc4a6320d0
SSDEEP

6144:WbUn9nbX72GREIHHIPXPb/N+/wuFQk86GMdEXsDAFqD:WA9b9REYHIPXzU/wiW6w8kF0

Score

1^/10

Malware Config

Signatures

Files

71ffed981533caea2e8212a04d88df65_JaffaCakes118
.exe windows:5 windows x86 arch:x86

9b8d45ded8425234deb67ce9ffcb0fa0

Code Sign

eb:54:be:06:f6:d1:60:fa
Certificate

Issuer

CN=Shylock

Not Before

13/10/2011, 14:56

Not After

12/10/2012, 14:56

Subject

CN=Shylock

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b5:8f:bc:2d:4d:c8:80:cb:ce:66:24:d2:ea:71:ba:24:10:db:20:90
Signer

Actual PE Digest

b5:8f:bc:2d:4d:c8:80:cb:ce:66:24:d2:ea:71:ba:24:10:db:20:90

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateMutexA
CloseHandle
GetCurrentThreadId
GetLastError
GetCurrentProcess
GetSystemTime
GetCurrentProcessId
GetProcAddress
LoadLibraryA
VirtualProtectEx
VirtualFree
VirtualAlloc
VirtualAllocEx
WaitForSingleObject
SystemTimeToFileTime
GetModuleHandleA
WaitForMultipleObjects
GetCurrentThread

user32

RegisterClassExA
LoadCursorA
LoadIconA
MessageBoxA
ShowWindow
UpdateWindow
DefWindowProcA
CloseWindow
PostQuitMessage
CreateWindowExA

advapi32

CryptGenRandom
CryptDestroyKey
CryptAcquireContextA
RegCloseKey
RegQueryValueExW
CryptReleaseContext

Sections

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 281KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b8d45ded8425234deb67ce9ffcb0fa0

Code Sign

eb:54:be:06:f6:d1:60:faCertificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

b5:8f:bc:2d:4d:c8:80:cb:ce:66:24:d2:ea:71:ba:24:10:db:20:90Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 312B

.text Size: 281KB - Virtual size: 1.0MB

.rsrc Size: 1KB - Virtual size: 1KB

eb:54:be:06:f6:d1:60:fa
Certificate

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

b5:8f:bc:2d:4d:c8:80:cb:ce:66:24:d2:ea:71:ba:24:10:db:20:90
Signer

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 312B

.text
Size: 281KB - Virtual size: 1.0MB

.rsrc
Size: 1KB - Virtual size: 1KB